NCSAM Tip#17: Stay Safe Online — Security at Home

When we discuss security as an integral part of our cyber life, it is important that we take sufficient care that the home network and the devices that are used at home are secured. There are several areas at home in which we use Internet and IP-enabled devices. These include your home network (wired & wireless), personal computing devices, smart phones, official computing devices, network-enabled printers, and other smart appliances. When we look at security, all of these devices need to be reviewed against security best practices to reduce the risk of an attacker penetrating or compromising them. This post concentrates on securing three main entities in a home network.

Securing the Home Network

The first area to address is the home backbone network itself. With the availability of inexpensive home wireless routers, it is common to have a wired and wireless network in every connected home. While the wired network is relatively secure, the wireless network has to be secured appropriately.

There are several incidents in the United States and around the globe where miscreants used open WiFi networks to carry out malicious and illegal activities that leave the owners of those insecure networks liable for prosecution and detention. Some of the common techniques used to secure a wireless home network are listed below.

Change the default password: Access points and routers have a default password set by the factory. You will be asked for a password when you want to change their settings. Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, change the password so it will be hard to guess.

Change the default SSID: Your wireless devices have a default SSID (Service Set Identifier) set by the factory. The SSID is the name of your wireless network, and can be up to 32 characters. Hackers know these defaults and can use them to join your network. Change your network’s SSID to something unique, and make sure it doesn’t refer to the networking products you use. As an added precaution, be sure to change the SSID on a regular basis, so any hacker who may have figured out your network’s SSID in the past will have to figure out the SSID again and again. This will deter future intrusion attempts.

Use WPA2 PSK for authentication and encryption: The latest wireless routers come with default security that can be implemented by a push of the button. But it is important to ensure that proper encryption is set in the wireless routers to avoid exposing the wireless network to intruders. WPA2 is currently the most secure standard available for wireless security at home and this should be used while configuring the routers. To protect the information as it passes over the airwaves, you should enable the highest level of encryption that is supported by your network equipment.

Use MAC address restriction: While MAC addresses can be easily spoofed, MAC address restriction does provide protection against casual attackers. Some routers give you the ability to enable MAC address filtering. With MAC address filtering, you specify which computers can access your network. It would be very difficult for a hacker to access your network using a random MAC address.

Enable firewalls that are available in the wireless router: Many routers have the firewall feature embedded into the device and can be leveraged to protect inbound and outbound access, especially if you are publishing servers on the Internet from the home network.

Disable admin access from the Internet (WAN): Opening up router admin access from the Internet could help an attacker to identify and hack into the router, and thereby reconfigure the router and access the devices in the network.
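
The six router settings above can be checked mechanically. The following is an added example, not part of the original post: it audits a settings export against that checklist and treats any missing setting as a failure. The key names, the vendor-name list and both sample exports are constructed for illustration; real routers expose these settings under vendor-specific names.

```python
# Added example: audit a home-router settings export against the checklist.
# Key names and sample data are hypothetical, constructed for this illustration.
VENDOR_NAMES = ("linksys", "netgear", "dlink", "tp-link", "default")
FACTORY_PASSWORDS = {"", "admin", "password"}

WEAK_EXPORT = """\
# constructed sample: factory-fresh router
admin_password = admin
ssid = linksys
wifi_security = WEP
mac_filter = off
firewall = off
wan_admin = on
"""

HARDENED_EXPORT = """\
# constructed sample: after applying the checklist
admin_password = c0rrect-h0rse#battery
ssid = maple-street-42
wifi_security = WPA2-PSK
mac_filter = on
firewall = on
wan_admin = off
"""

def parse_export(text):
    """Parse 'key = value' lines; blank lines and lines starting with '#' are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once so values may contain '='
        settings[key.strip().lower()] = value.strip()
    return settings

def audit(settings):
    """Return the ids of failed checks; a missing setting counts as a failure."""
    def get(key):
        return settings.get(key, "").lower()
    ssid = get("ssid")
    checks = [
        ("default-admin-password", get("admin_password") not in FACTORY_PASSWORDS),
        ("ssid-reveals-product", bool(ssid) and not any(v in ssid for v in VENDOR_NAMES)),
        ("wpa2-psk", get("wifi_security") == "wpa2-psk"),
        ("mac-filter", get("mac_filter") == "on"),
        ("router-firewall", get("firewall") == "on"),
        ("wan-admin-disabled", get("wan_admin") == "off"),
    ]
    return [name for name, passed in checks if not passed]

if __name__ == "__main__":
    print("weak:", audit(parse_export(WEAK_EXPORT)))
    print("hardened:", audit(parse_export(HARDENED_EXPORT)))
```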

Protecting Your Home PC

Any Internet-connected device in your home, mainly the PC, is at risk of attack. Even though you have protected your home wireless network, it is important that adequate security measures are taken to protect the home computer. Typically corporate computers have security software installed as part of the company security policy. But home computers are often ignored and can become victims of cyber-attacks. If not properly protected, your PC could also become a member of a botnet infrastructure that is used to launch attacks against other computers in a distributed manner. Some of the steps that can be taken to protect the home computer are given below.

Install a desktop firewall: It is important to install a desktop firewall and configure it to allow only required outbound and inbound access. Operating systems such as Microsoft Windows come with built-in firewalls. There are also many commercial desktop firewall products that provide such protection.

Install antivirus software: Viruses have been a major threat for a long time and remain one, even though many other threats have emerged in the past decade. It is important to install good antivirus software on your home computer and even more important to keep the antivirus definitions updated regularly to protect against newer viruses.

Keep the PC up-to-date with security patches: New vulnerabilities are uncovered in most software regularly. Operating system vendors release periodic patches to fix those identified vulnerabilities. These patches should be installed at the earliest available opportunity to limit exposure to these vulnerabilities.

Antispyware: Spyware is seemingly harmless software that is installed on your machine when you download software from unknown sources, but is used by malicious elements to collect information from your computers. Spyware may collect information like passwords, login credentials, installed software, etc. without your knowledge. Most of the current antivirus software applications include anti-spyware capabilities and should be installed on your computer to protect against these threats.

Secure Your Mobile Devices

Because mobile devices have improved and evolved into small computers which we carry around in our pockets, many risks previously applicable to computers are now applicable to these mobile devices as well. With many of us using these smart devices for personal and business purposes, it is all the more important to maintain a good security posture with these devices. While these devices are susceptible to attacks over the Internet while at home or on the move, they are also easily lost or stolen due to their high portability. The following are some of the protection mechanisms to consider for your mobile devices.

Use a lock password: Having to enter a password to use your mobile device helps prevent it from being easily compromised if it falls into the hands of another person, and can keep your data safe. Also enable the auto-lock feature to lock the screen after an idle time.

Antivirus: While it is not common to find viruses on mobile devices, there are increasing instances of viruses spreading on these smart, mobile devices. There are several antivirus software applications available for different mobile platforms, and they should be considered based on the vulnerability of the mobile operating system used on your device. Configure automatic updates when possible.

Disable Wi-Fi and Bluetooth when not in use: Disabling these features limits the risk of an attacker using these wireless technologies to attack your device.

Update mobile device software frequently: Regular updates of critical security patches will avoid vulnerabilities that can be exploited by an attacker.

Use an encryption solution to keep the data on portable devices secure.

Keeping security in mind while configuring and using your devices helps you limit your exposure to attacks and avoid data and identity theft from your personal/home devices.
